axon-lang 1.38.5

AXON v1.5.1 — first crates.io publication of the AXON language full-stack runtime. Lexer/parser/type-checker/IR generator (re-exported from axon-frontend) plus the native Rust runtime: typed channels (TypedEventBus with QoS×5, π-calculus mobility, capability extrusion via shield D8 — Fase 13.f.2), Free Monad CPS handlers (Fase 2), lease kernel + reconcile loop (Fase 3+5), Epistemic Security Kernel (ESK Fase 6), Trust Types + ReplayLog (Fase 11.a+11.c), Stateful PEM over WebSocket (Fase 11.d), Ontological Tool Synthesis (Fase 11.e), Mobile Typed Channels (Fase 13). Crate publishes as `axon-lang` to mirror the Python PyPI package; library import remains `use axon::*` so existing call sites keep working unchanged.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216

//! AXON Runtime — Regulatory Compliance Registry (§Fase 6.1)
//!
//! Direct port of `axon/runtime/esk/compliance.py`.
//!
//! Canonical vocabulary for the ESK κ (regulatory class) annotation.
//! Every class corresponds to a real-world regulation; typos are
//! compile-time errors (§6.1 enforcement).

#![allow(dead_code)]

use std::collections::{HashMap, HashSet};

use serde::Serialize;

/// Metadata for one regulatory framework.
#[derive(Debug, Clone, Serialize)]
pub struct RegulatoryClass {
    pub name: String,
    pub title: String,
    pub jurisdiction: String,
    pub sector: String,
    pub description: String,
}

impl RegulatoryClass {
    /// Reflexive coverage — a class covers itself only. Cross-framework
    /// overlap is an explicit policy decision, not implicit.
    pub fn covers_class(&self, other: &RegulatoryClass) -> bool {
        self.name == other.name
    }

    fn new(
        name: &str,
        title: &str,
        jurisdiction: &str,
        sector: &str,
        description: &str,
    ) -> Self {
        RegulatoryClass {
            name: name.into(),
            title: title.into(),
            jurisdiction: jurisdiction.into(),
            sector: sector.into(),
            description: description.into(),
        }
    }
}

/// Build the canonical registry — must match Python `REGISTRY` exactly.
pub fn registry() -> HashMap<String, RegulatoryClass> {
    let entries = [
        RegulatoryClass::new(
            "HIPAA",
            "Health Insurance Portability and Accountability Act",
            "US",
            "healthcare",
            "PHI confidentiality, integrity, and availability for US healthcare providers.",
        ),
        RegulatoryClass::new(
            "PCI_DSS",
            "Payment Card Industry Data Security Standard",
            "Global",
            "financial",
            "Cardholder data protection for merchants and payment processors.",
        ),
        RegulatoryClass::new(
            "GDPR",
            "General Data Protection Regulation",
            "EU",
            "cross-sector",
            "Personal data protection for EU residents, with right-to-erasure.",
        ),
        RegulatoryClass::new(
            "SOX",
            "Sarbanes-Oxley Act",
            "US",
            "financial",
            "Financial reporting integrity for public companies.",
        ),
        RegulatoryClass::new(
            "FINRA",
            "Financial Industry Regulatory Authority",
            "US",
            "financial",
            "Broker-dealer oversight — communications, record retention, surveillance.",
        ),
        RegulatoryClass::new(
            "ISO27001",
            "ISO/IEC 27001",
            "Global",
            "cross-sector",
            "Information security management system certification.",
        ),
        RegulatoryClass::new(
            "SOC2",
            "SOC 2 Type II",
            "Global",
            "cross-sector",
            "Trust Services Criteria — security, availability, confidentiality.",
        ),
        RegulatoryClass::new(
            "FISMA",
            "Federal Information Security Management Act",
            "US",
            "government",
            "US federal government information security baseline.",
        ),
        RegulatoryClass::new(
            "GxP",
            "Good x Practice",
            "Global",
            "pharma",
            "Quality guidelines for pharma / clinical / manufacturing (GLP/GMP/GCP).",
        ),
        RegulatoryClass::new(
            "CCPA",
            "California Consumer Privacy Act",
            "US-CA",
            "cross-sector",
            "Consumer data rights for California residents.",
        ),
        RegulatoryClass::new(
            "NIST_800_53",
            "NIST SP 800-53",
            "US",
            "government",
            "Security and privacy controls catalog for US federal systems.",
        ),
    ];
    entries.into_iter().map(|c| (c.name.clone(), c)).collect()
}

pub fn is_known(label: &str) -> bool {
    registry().contains_key(label)
}

pub fn get_class(label: &str) -> Option<RegulatoryClass> {
    registry().get(label).cloned()
}

/// Return the MISSING classes — i.e. `required \ provided`.
pub fn covers<I, J, S>(shield_compliance: I, required: J) -> HashSet<String>
where
    I: IntoIterator<Item = S>,
    J: IntoIterator<Item = S>,
    S: AsRef<str>,
{
    let provided: HashSet<String> = shield_compliance
        .into_iter()
        .map(|s| s.as_ref().to_string())
        .collect();
    let needed: HashSet<String> = required
        .into_iter()
        .map(|s| s.as_ref().to_string())
        .collect();
    needed.difference(&provided).cloned().collect()
}

/// Return the set of sectors the labels span.
pub fn classify_sector<I, S>(labels: I) -> HashSet<String>
where
    I: IntoIterator<Item = S>,
    S: AsRef<str>,
{
    let reg = registry();
    labels
        .into_iter()
        .filter_map(|l| reg.get(l.as_ref()).map(|c| c.sector.clone()))
        .collect()
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn registry_has_all_expected_classes() {
        let reg = registry();
        for name in [
            "HIPAA", "PCI_DSS", "GDPR", "SOX", "FINRA", "ISO27001", "SOC2",
            "FISMA", "GxP", "CCPA", "NIST_800_53",
        ] {
            assert!(reg.contains_key(name), "missing {name}");
        }
    }

    #[test]
    fn is_known_accepts_canonical_names_only() {
        assert!(is_known("HIPAA"));
        assert!(!is_known("hipaa")); // case-sensitive
        assert!(!is_known("INVENTED"));
    }

    #[test]
    fn covers_returns_missing_classes() {
        let missing = covers(["HIPAA", "SOC2"], ["HIPAA", "GDPR", "SOC2"]);
        assert_eq!(missing.len(), 1);
        assert!(missing.contains("GDPR"));
    }

    #[test]
    fn classify_sector_aggregates() {
        let sectors = classify_sector(["HIPAA", "PCI_DSS", "GxP"]);
        assert!(sectors.contains("healthcare"));
        assert!(sectors.contains("financial"));
        assert!(sectors.contains("pharma"));
    }

    #[test]
    fn reflexive_covers_class() {
        let hipaa = get_class("HIPAA").unwrap();
        assert!(hipaa.covers_class(&hipaa));
        let gdpr = get_class("GDPR").unwrap();
        assert!(!hipaa.covers_class(&gdpr));
    }
}